kernel-2.6.18-128.1.10.el5.src.rpm

From: Hans-Joachim Picht <hpicht@redhat.com>
Date: Tue, 20 May 2008 13:47:52 +0200
Subject: [s390] aes_s390 decrypt may produce wrong results in CBC
Message-id: 20080520114752.GF16866@redhat.com
O-Subject: [RHEL5 U3 PATCH 1/4] s390 - aes_s390 decrypt operation may produce wrong results in CBC mode.
Bugzilla: 446191
RH-Acked-by: Pete Zaitcev <zaitcev@redhat.com>

Description
============

The aes_s390 decrypt operation may produce wrong results in CBC mode.
In CBC mode the IV is used to chain consecutive data blocks but aes_s390
is missing the write back of the IV if decrypting in CBC mode.
If multiple data blocks are decrypted the plaintext may be wrong.
The problem is fixed by writing back the IV in CBC mode.

Bugzilla
=========

BZ 446191
https://bugzilla.redhat.com/show_bug.cgi?id=446191

Upstream status of the patch:
=============================
This patch does not apply to upstream since the upstream crypto
code changed with 2.6.19.

Test status:
============

The patch has been tested and fixes the problem.
The fix was verified by the IBM test team.

Please ACK.

With best regards,

Hans
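
The failure described in the mail above, reproduced as an added example that is not part of the original mail or of the kernel source. A constructed toy block transform stands in for AES, `info` plays the role of `desc->info` and the local `iv` that of `sctx->iv`; all function names are hypothetical.

```c
#include <stdint.h>
#include <string.h>

#define BLK 16 /* same size as AES_BLOCK_SIZE */
/* Toy invertible block transform standing in for AES (constructed, not secure). */
static void toy_enc(const uint8_t *k, const uint8_t *in, uint8_t *out) {
    for (int i = 0; i < BLK; i++) out[(i + 1) % BLK] = (uint8_t)((in[i] ^ k[i]) + 7);
}
static void toy_dec(const uint8_t *k, const uint8_t *in, uint8_t *out) {
    for (int i = 0; i < BLK; i++) out[i] = (uint8_t)((in[(i + 1) % BLK] - 7) ^ k[i]);
}

/* One-shot CBC encryption, used only to build the sample ciphertext. */
static void cbc_encrypt(const uint8_t *k, const uint8_t *iv, const uint8_t *in, uint8_t *out, size_t n) {
    uint8_t prev[BLK], x[BLK];
    memcpy(prev, iv, BLK);
    for (size_t off = 0; off < n; off += BLK) {
        for (int i = 0; i < BLK; i++) x[i] = in[off + i] ^ prev[i];
        toy_enc(k, x, out + off);
        memcpy(prev, out + off, BLK);
    }
}

/* Models one driver call: info is the caller-visible IV, iv the context copy.
 * write_back = 0 is the behaviour the mail describes, 1 is the patched behaviour. */
static void cbc_decrypt(const uint8_t *k, uint8_t *info, const uint8_t *in, uint8_t *out, size_t n, int write_back) {
    uint8_t iv[BLK], d[BLK];
    memcpy(iv, info, BLK);
    for (size_t off = 0; off < n; off += BLK) {
        toy_dec(k, in + off, d);
        for (int i = 0; i < BLK; i++) out[off + i] = d[i] ^ iv[i];
        memcpy(iv, in + off, BLK); /* the next block chains on this ciphertext block */
    }
    if (write_back) memcpy(info, iv, BLK);
}

/* Decrypt 4 blocks as two 2-block calls; bit b of the result is set if block b is wrong. */
unsigned wrong_blocks(int write_back) {
    uint8_t key[BLK], info[BLK], pt[4 * BLK], ct[4 * BLK], out[4 * BLK];
    unsigned mask = 0;
    for (int i = 0; i < BLK; i++) { key[i] = (uint8_t)(0xA0 + i); info[i] = (uint8_t)(3 * i + 1); }
    for (int i = 0; i < 4 * BLK; i++) pt[i] = (uint8_t)(i * 5); /* constructed plaintext */
    cbc_encrypt(key, info, pt, ct, sizeof pt);
    cbc_decrypt(key, info, ct, out, 2 * BLK, write_back);
    cbc_decrypt(key, info, ct + 2 * BLK, out + 2 * BLK, 2 * BLK, write_back);
    for (int b = 0; b < 4; b++) if (memcmp(out + b * BLK, pt + b * BLK, BLK)) mask |= 1u << b;
    return mask;
}
int main(void) { return (wrong_blocks(0) == 4u && wrong_blocks(1) == 0u) ? 0 : 1; }
```

Without the write-back only the first block of the second call is wrong, because later blocks in the same call chain on ciphertext already in hand; this is why the corruption shows up only when data is split across calls.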

diff --git a/arch/s390/crypto/aes_s390.c b/arch/s390/crypto/aes_s390.c
index 0bf0d37..55c9cd4 100644
--- a/arch/s390/crypto/aes_s390.c
+++ b/arch/s390/crypto/aes_s390.c
@@ -215,6 +215,8 @@ static unsigned int aes_decrypt_cbc(const struct cipher_desc *desc, u8 *out,
 		BUG_ON((ret < 0) || (ret != nbytes));
 		break;
 	}
+	memcpy(desc->info, &sctx->iv, AES_BLOCK_SIZE);
+
 	return nbytes;
 }
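
Review bot: the `memcpy(desc->info, &sctx->iv, AES_BLOCK_SIZE);` added after the closing brace of the switch has no comment explaining why the IV is copied back, and it runs unconditionally for every path that leaves the switch. Suggest a one-line comment above it stating that the chaining value is returned to the caller for the next call, and please confirm that each switch case, including any not visible in this hunk, leaves `sctx->iv` holding the updated chaining value rather than the IV copied in at entry. As a style point, if `iv` is an array member then `sctx->iv` without the `&` is the more usual form, and the hunk does not show that it is at least `AES_BLOCK_SIZE` bytes long, which the copy relies on.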